locked
Administrators cannot login to ECP RRS feed

  • Question

  • Our administrators are unable to login to the Exchange 2016 Administrative Center, unless they have a mailbox attached.

    Our Admin accounts are strictly separated from our normal users accounts, and the admin accounts should only be used for administrative purposes. This is why the admin account do not have a mailbox attached to them.

    Now we are upgrade our on-prem exchange from Exchange 2010 to Exchange 2016. Our administrators are able to use Exchange 2016 management shell, but they cannot access the EAC. They get a login screen, fill in their credentials and when they click login they get server error 500. we have checked our arbitration mailboxes, and they are present, and are already migrated to Exchange 2016. If we assign a mailbox to the admin account, then they are able to access ECP.

    According my research, people should still be able to login, even if they do not have a mailbox attached. In this case they should be using the arbitration mailboxes.

    Name                      Alias                ServerName       ProhibitSendQuota
    ----                      -----                ----------       -----------------
    FederatedEmail.4c1f4d8... FederatedEmail.4c... xxxxxxvexcxx     1 MB (1,048,576 bytes)
    SystemMailbox{1f05a927... SystemMailbox{1f0... xxxxxxvexcxx     Unlimited
    Migration.8f3e7716-201... Migration.8f3e771... xxxxxxvexcxx     300 MB (314,572,800 bytes)
    SystemMailbox{D0E409A0... SystemMailbox{D0E... xxxxxxvexcxx     Unlimited
    SystemMailbox{2CE34405... SystemMailbox{2CE... xxxxxxvexcxx     Unlimited

     



    Answers provided are coming from personal experience, and come with no warranty of success. I as everybody else do make mistakes.

    Friday, February 23, 2018 1:02 PM

Answers

  • I resolved it myself.

    When checking AD, i found 6 Systemmailbox* accounts, of which only three were mailbox enabled.

    Enabled the other three systemmailboxes*, and the issue was resolved.

    get-aduser -filter "Name -like 'SystemMailbox*'" -Server xxxxxxx -Property Mail | ? {$_.mail -eq $null} | Foreach {Enable-Mailbox $_.DistinguishedName -Database xx-DAGN1-xxx001}


    Answers provided are coming from personal experience, and come with no warranty of success. I as everybody else do make mistakes.

    Friday, February 23, 2018 1:22 PM

All replies

  • I resolved it myself.

    When checking AD, i found 6 Systemmailbox* accounts, of which only three were mailbox enabled.

    Enabled the other three systemmailboxes*, and the issue was resolved.

    get-aduser -filter "Name -like 'SystemMailbox*'" -Server xxxxxxx -Property Mail | ? {$_.mail -eq $null} | Foreach {Enable-Mailbox $_.DistinguishedName -Database xx-DAGN1-xxx001}


    Answers provided are coming from personal experience, and come with no warranty of success. I as everybody else do make mistakes.

    Friday, February 23, 2018 1:22 PM
  • You should be able to access Exchange Admin Center without an mailbox for the admin accounts.

    Sometimes you need to specify the Exchange version, try with ?ExchClientVer=15 at the end and see if that works. E.g https://mail.contoso.com/ecp/?ExchClientVer=15 or https://mailbox01/ecp/?ExchClientVer=15

    If you’re in a coexistence environment with Exchange 2010, the location of your mailbox controls the default behavior for opening the EAC or ECP:

    • If your mailbox is located on the Exchange 2010 Mailbox server, you get the Exchange 2010 ECP by default. You can access the EAC by adding the Exchange version to the URL (which is 15 for both Exchange 2013 and Exchange 2016). For example, to access the EAC through the Client Access (frontend) services on the Mailbox server named Mailbox01, use the following URL: https://Mailbox01/ecp/?ExchClientVer=15.

    • If your mailbox is located on an Exchange 2016 Mailbox server, and you want to access the ECP on the Exchange 2010 Client Access server named CAS01, use the following URL: https://CAS01/ecp/?ExchClientVer=14.

    https://technet.microsoft.com/en-us/library/jj150562(v=exchg.160).aspx

    Friday, February 23, 2018 1:27 PM
  • Agree with Joel,

    normally admin account doesn't have mailbox and first time login they will need to use: https://Mailbox01/ecp/?ExchClientVer=15

    After successful login to ECP, admins will be able to use https://Mailbox01/ecp/


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Friday, February 23, 2018 1:45 PM
  • Hi Killerbe,
     
    Thanks for your sharing, please be free to mark it as answer.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, February 26, 2018 12:40 PM
  • After upgrading from 2013 to 2016, after a couple weeks I had that horrible  issue trying to log to ECP, then I stumble on your response which makes perfect sense by the way, you don't need a mailbox to access the EAC, but yea having added "ExchClientVer=15" at the end of my URL, problem solved, Thank you Joel
    Monday, January 13, 2020 5:22 PM